http://squirrelmail.org/security/issue/2006-12-02
Cross site scripting vulnerability via malicious input to the mailto parameter of webmail.php, the session and delete_draft parameters of compose.php. This has been addressed in 1.4.9a.
Cross site scripting vulnerability via a shortcoming in the magicHTML filter. This has been addressed in 1.4.9 and improved in 1.4.9a.Affected Versions:1.4.0 - 1.4.9 Register Globals: Register_globals does not have to be on for this issue.
This hotfix resolves the issue on Ensim Pro for Linux v4.1.0 for the following operating systems :
Fedora Core 1 (FC1)
Fedora Core 2 (FC2)
RHEL3ES
RHEL4ES
Download :